logo
Free PDF Check

Expense Fraud Detection API

Built for fraud ops at lending, insurance & compliance teams

Employees don’t forge receipts anymore — they regenerate them. A modified PDF looks identical to the original. A single API call reveals whether a receipt, hotel folio, or mileage log was fabricated or edited — at the structural layer that the file cannot hide.

~3 sec
per document
59 checks
forensic layers
From $15
per month
1,500+
docs / month on Growth
Scope

HTPBE? analyzes the structural layer of the PDF file — the layer that records every edit, even invisible ones. We don’t inspect mobile photos of paper receipts. For digital PDFs (hotel folios, airline itineraries, ride-share receipts, restaurant invoices), we’re the most specific tool for detecting fabrication and tampering.

The problem

T&E platforms catch policy violations. They don’t catch document fraud

Concur, Expensify, Ramp, and Brex use OCR to extract amounts and categories. They catch duplicate submissions and out-of-policy categories. They don’t check whether the PDF was edited after creation.

The average company loses 5% of annual T&E spend to expense fraud — a median of $1.9 million annually at mid-market companies. The most common method: modified PDF receipts. An employee edits a $45 restaurant receipt to $145, re-saves the file, and submits it. The content looks identical; the file structure records the edit.

Receipt generators produce entirely fabricated hotel folios, restaurant invoices, and mileage logs. The producer signature of a generator tool is distinct from that of a real hotel property management system — readable in the binary layer of the PDF. See the fake receipt detection guide for document-type specifics.

Common expense fraud patterns

  • Restaurant receipt total inflated in a PDF editor before submission
  • Hotel folio with room rate, dates, or extras modified
  • Receipt generated with an online template tool for a meal that never happened
  • Mileage log or per-diem claim self-produced with inflated figures
  • Flight itinerary copied and dates edited to match a personal trip

What this looks like

Document fraud in 2026 — three concrete patterns

Three real fraud mechanics we catch at the structural PDF layer.

01

Restaurant receipt total inflated in a PDF editor before submission

02

Hotel folio with room rate, dates, or extras modified

03

Receipt generated with an online template tool for a meal that never happened

04

Mileage log or per-diem claim self-produced with inflated figures

05

Flight itinerary copied and dates edited to match a personal trip

59 layers
Forensic checks per document
~3 sec
Median analysis time, end to end
From $15
Self-serve per month, no sales call

The detection gap

KYC platforms check the document. HTPBE? checks the file.

Two different checks — both matter.

KYC & identity platforms

Plaid · Persona · Alloy · Jumio

  • Is this a real bank statement template?
  • Does the account number match the identity?
  • Is the document format consistent with the issuing bank?

Detects fake documents. Does not detect edited real documents.

HTPBE? tamper detection API

Structural PDF integrity

  • Was this specific PDF file modified after it was generated?
  • Do metadata timestamps match the file structure?
  • Were digital signatures valid at the time of signing?

Catches edits invisible to visual review and template checks.

Results in under 3 seconds30 to 1,500+ documents/monthFrom $15/mo

What HTPBE? checks

What the API detects in expense receipts

Five forensic layers analyzed on every receipt — results in under 3 seconds

Producer signature match

Real merchant and platform exports have recognizable producer signatures. Marriott, Hilton, Hyatt, Uber, and airline systems produce consistent fingerprints. Generator tools and editors leave different ones.

Incremental update detection

Any post-export edit produces a structural fingerprint in the xref chain. A hotel folio or restaurant receipt with two xref tables was modified after the original system export.

Arithmetic consistency

Line items, taxes, service charges, and totals are checked for internal reconciliation. One altered figure breaks the chain — the most common signature of amount inflation.

Font subset prefix divergence

Multi-session edits leave page-to-page font subset shifts. Folios with multiple edited sections show this pattern across the document.

Text vs. raster layer agreement

Text edits on rasterized receipt images break agreement between the text and visual layers — a clean signal for amount substitutions on scanned-style receipts.

Modification date after expense date

The PDF ModDate updates automatically when a file is edited. A hotel folio ModDate weeks after the stated checkout date is a direct tampering signal.

Share with engineering

Wire this into your intake pipeline in under a day

Two API calls — one POST to submit the PDF, one GET to retrieve the verdict. Forward this page to your engineering team; the full API reference, quotas, and copy-paste examples in cURL, JavaScript, Python, PHP, Go, and Ruby are one click away.

Full API reference for engineering

Pricing

Self-serve plans, no sales call

All plans include the same forensic checks. Pick the quota that matches your monthly document volume.

manual

Starter

$15/mo

30 checks/mo

Manual spot-checks and integration testing

most common

Growth

$149/mo

350 checks/mo

Active document processing pipelines

high volume

Pro

$499/mo

1,500 checks/mo

High-volume automation and API integrations

Enterprise (unlimited, on-premise available) see full pricing

Secure your workflowView API docs

API key on signup. Free test environment on every plan. No card required.

Customer Stories

Teams that stopped document fraud

Compliance, finance, and risk teams use HTPBE? to catch manipulated PDFs before they become costly mistakes.

Caught an invoice where the total had been changed by less than a thousand dollars. Without this I would have approved it without a second look.

Sarah M.

AP Manager

United States

We had three applicants in the same week with bank statements that looked completely fine. Two of them were flagged as modified. You simply cannot see this by reading the document — it is in the file structure.

Lars V.

Risk Analyst, Online Lending

Netherlands

Salary slips were coming with altered figures. We identified two problematic files before the placement was finalised.

Priya K.

HR Operations Lead

India

Since we started checking documents this way, we stopped two applications early in the process that would have been very difficult to reverse later.

Julien R.

Fraud Analyst, Fintech

France

Some applicants were sending PDFs that looked authentic but had been edited in ways not visible to the eye. We now ask for checked originals when something is flagged. Already saved us from a few bad decisions.

Marta S.

Compliance Coordinator

Spain

One invoice was caught because there was a mismatch between the document dates and structure. That particular case would have cost us significantly.

Tariq A.

Finance Manager

United Arab Emirates

FAQ

Frequently asked questions

Won’t every receipt look edited if employees forward it by email?

Forwarding an email attachment doesn’t edit the PDF. The PDF’s file structure only changes when the file is re-saved through a tool. Forwarded originals return INTACT.

Can this catch AI-generated receipts?

AI-generated receipts carry distinct structural fingerprints — producer signatures, font subsets, object layouts — that differ from authentic merchant exports. HTPBE? flags them as non-authentic.

Does this work with Concur, Expensify, Ramp, or Brex?

Yes. The API is stack-agnostic — any T&E platform that accepts PDF uploads and can make an outbound HTTPS call can integrate via webhook or pre-processing step.

What about mobile-scanned receipt photos?

Raster photos have no PDF structure to analyze. PDFs produced by a scanner or mobile scanning app still work if the app generates an authentic digital export. Pair with image-forensics tooling for pure photo flows.

Secure your workflow

Create your account — API key on signup, free test environment on every plan.
From $15/mo. No sales call. Cancel any time.

Start free — close the structural fraud gapSee pricing
Read API docs →